Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-05-21 CVE-2024-4553 Cross-site Scripting vulnerability in Getshortcodes Shortcodes Ultimate
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_members' shortcode in all versions up to, and including, 7.1.5 due to insufficient input sanitization and output escaping on user supplied 'color' attribute.
network | low complexity | getshortcodes | CWE-79 | 5.4
2024-05-21 CVE-2024-4695 Cross-site Scripting vulnerability in Moveaddons Move Addons for Elementor
The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network | low complexity | moveaddons | CWE-79 | 5.4
2024-05-21 CVE-2024-4470 Cross-site Scripting vulnerability in Averta Master Slider
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide_info' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'tag_name' attribute.
network | low complexity | averta | CWE-79 | 5.4
2024-05-21 CVE-2024-4943 Cross-site Scripting vulnerability in Creativethemes Blocksy
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘has_field_link_rel’ parameter in all versions up to, and including, 2.0.46 due to insufficient input sanitization and output escaping.
network | low complexity | creativethemes | CWE-79 | 5.4
2024-05-18 CVE-2024-5088 Cross-site Scripting vulnerability in Leevio Happy Addons for Elementor
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping.
network | low complexity | leevio | CWE-79 | 5.4
2024-05-18 CVE-2024-2772 Cross-site Scripting vulnerability in Fluentforms Contact Form
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping.
network | low complexity | fluentforms | CWE-79 | 5.4
2024-05-18 CVE-2024-4709 Cross-site Scripting vulnerability in Fluentforms Contact Form
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter in versions up to, and including, 5.1.16 due to insufficient input sanitization and output escaping.
network | low complexity | fluentforms | CWE-79 | 5.4
2024-05-18 CVE-2024-4891 Cross-site Scripting vulnerability in Wpdeveloper Essential Blocks
The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping.
network | low complexity | wpdeveloper | CWE-79 | 5.4
2024-05-18 CVE-2024-4865 Cross-site Scripting vulnerability in Leevio Happy Addons for Elementor
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping.
network | low complexity | leevio | CWE-79 | 5.4
2024-05-17 CVE-2024-23522 Cross-site Scripting vulnerability in Strategy11 Formidable Forms
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection. This issue affects Formidable Forms: from n/a through 6.7.
network | low complexity | strategy11 | CWE-79 | 6.1